Indeed, so now the problem is hole in the posting number.
So this can be used by malicious user to always skip this check.
Such feature is not available in Tryton because there are always integrity issues. Any way this is going off-topic and the standard process is already documented How to credit and refund a posted invoice.